Void's Forums

[Void Main]

Does anyone know anything about the address 203.194.168.171? The site http://www.shaolinmicro.com/ appears to be associated with it. I just blocked their IP address as this is the second time they have run a web suck on these forums. I have no problem with this if it is legit but it appears to be some sort of robot. If you know anything about this please let me know and I will unblock the address. Thanks.

[ThePreacher]

What exactly is a web suck?

[Void Main]

I just meant a program like "websuck" or a "wget -r" that goes through your entire site and pulls everything it can from every link it can. This is not good to run on a forum for several reasons. At worst the program will go into a rucursion of links eating up bandwidth and CPU on the server which is what this thing seemed to have been doing. And it wasn't doing it through just one connection but seemed to spawn several connections in order to maximize it's suckness.

It happened about a week ago and I killed it. It ran for over an hour today before I finally blocked it. Here is the user agent string which I would assume is not the real agent:

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020

[Panos]

It could be a spider or web-crawler. It could also be a spambot. In either case, that IP address points to that site which is strange. If I were you I'd block it as well.

[Void Main]

If it's a crawler it's not a very good one. Google is nice and stays out of that stuff.

[Linux Frank]

Well I dont know if this helps. It appears to be assigned to an ISP based in Hong Kong.

the APNIC whois gives this

inetnum: 203.194.168.170 - 203.194.168.185
netname: CLEVERMOTIONTECH-HK
country: HK
descr: CLEVER MOTION TECHNOLOGY LTD
admin-c: KK135-AP
tech-c: DI16-AP
changed: hostmaster@iadvantage.net.hk 20020904
mnt-by: MAINT-HK-IS
source: APNIC
status: UNSPECIFIED

person: KAN KAM YUEN ALAN
nic-hdl: KK135-AP
e-mail: alankan@cmindhk.com
address: ROOM 3A, 3/F., MOW SHING CENTRE,
address: 118 BEDFORD ROAD,
address: TAI KOK TSUI
phone: +852-27870778
fax-no: +852-27870778
country: HK
changed: hostmaster@iadvantage.net.hk 20020904
mnt-by: MAINT-HK-IS
source: APNIC

person: DNS IADVANTAGE
address: MEGATOP,
address: Mega-iAdvantage,
address: 399 Chai Wan Road,
address: Chai Wan, Hong Kong
country: HK
phone: +852-22088333
fax-no: +852-22672237
e-mail: dns@iadvantage.net
nic-hdl: DI16-AP
mnt-by: MAINT-HK-IS
changed: hostmaster@iadvantage.net 20010807
source: APNIC

Does this help? Sorry I can't find anything else, but if I can I'll let you know.

If you don't want this info on your site feel free to remove it without fear of offense [/code]

[Void Main]

Yeah, I had already looked at that information. I just assumed it was an unfriendly bot of some sort. But if it was really someone interested in pulling my stuff because they found it useful I wanted to give them a chance to be unblocked, and of course to be informed that the way they were pulling it was causing me problems.

[Panos]

If it's a crawler it's not a very good one. Google is nice and stays out of that stuff.

Yes i agree. The symptoms you prescribed though resemble those of a spambot scan. I wouldn't unblock it if i were you void, but then again you know that already.

[Void Main]

If it is a spambot does anyone know any DoS kiddies looking for a target? :)

[Calum]

a small linux forum isn't really a target (but then, a society providing free software (like slackware.com) isn't either).

that site sucks. (haw haw! i kill me!)

[Void Main]

No, I wanted to know if anyone knew any DoS kiddies looking for a target that could blast that spambot machine. It will save everyone from getting one more SPAM in their email.

[Panos]

I wish I knew some 'cause I really hate spammers! But then again who doesn't?

[Void Main]

Here is today's "bot o' the day":

IP: 64.140.49.66, 67, 68, 69
Interesting information: http://www.turnitin.com/robot/crawlerinfo.html

IP has been blocked, I saw it trying to go through private messages. If you are responsible for this bot then send me a note. I do not appreciate this.

Sample Log entry:

64.140.49.67 - - [06/Feb/2003:00:13:57 -0600] "GET /robots.txt HTTP/1.0" 404 1081
"-" "TurnitinBot/1.5 (http://www.turnitin.com/robot/crawlerinfo.html)"

Guess I need to start working on my robots.txt file, for those that are nice enough to look for one.

[Panos]

IP has been blocked, I saw it trying to go through private messages. If you are responsible for this bot then send me a note. I do not appreciate this.

Who exactly are you refering to void main? I hope that it's not me!

[Void Main]

Who exactly are you refering to void main? I hope that it's not me! :shock:

Heh heh, if I was referring to you, you never would have been able to post that message, and wouldn't be able to read this one. But if you are in charge of http://www.turnitin.com/ then yes, I would be referring to you. But I am pretty sure that is not the case. :)